[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 12 Dec 2022 20:00:45 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268186

--- Comment #20 from Cy Schubert <cy@FreeBSD.org> ---
(In reply to amendlik from comment #19)
Correct. This bypasses the GSSAPI code in sshd forcing it to rely on PAM
entirely. I tested this here using my MIT KRB5 using pam_krb5 port
(security/pam_krb5) built against security/krb5 (MIT KRB5 port).

I don't need to do this in production because the Heimdal code in sshd works
well with my MIT KRB5 KDC and its slaves. pam_krb5 in base also works well with
MIT KRB5.

Your problem is not reproduceable with MIT KRB5, suggesting that FreeIPA have
customized or altered their MIT KRB5 in some way to be incompatible with
Heimdal.

-- 
You are receiving this mail because:
You are the assignee for the bug.